- Introduced a .nvmrc file to specify the Node.js version (22) for the project, ensuring consistent development environments.
- Enhanced error handling in the startServer function to provide clearer messages when the Node.js executable cannot be found, improving debugging experience.
- Updated package.json files across various modules to enforce Node.js version compatibility and ensure consistent dependency versions.
These changes aim to streamline development processes and enhance the application's reliability by enforcing version control and improving error reporting.
- Introduced a restricted file system wrapper to ensure all file operations are confined to the script's directory, enhancing security.
- Updated various modules to utilize the new secure file system methods, replacing direct fs calls with validated operations.
- Enhanced path validation in the server routes and context loaders to prevent unauthorized access to the file system.
- Adjusted environment variable handling to use centralized methods for reading and writing API keys, ensuring consistent security practices.
This change improves the overall security posture of the application by enforcing strict file access controls and validating paths before any operations are performed.
- Enhanced the configureThrottling function to prevent changes to maxConcurrency while operations are in flight.
- Added comprehensive unit tests for secure-fs throttling and retry logic, ensuring correct behavior and configuration.
- Removed outdated secure-fs test file and replaced it with a new, updated version to improve test coverage.
- Added concurrency limiting using p-limit to prevent ENFILE/EMFILE errors.
- Introduced retry logic with exponential backoff for transient file descriptor errors.
- Enhanced secure-fs with new functions for configuring throttling and monitoring active/pending operations.
- Added unit tests for throttling and retry logic to ensure reliability.
- Introduced CRUD operations for GitHub issue validation results, including storage and retrieval.
- Added new endpoints for checking validation status, stopping validations, and deleting stored validations.
- Enhanced the GitHub routes to support validation management features.
- Updated the UI to display validation results and manage validation states for GitHub issues.
- Integrated event handling for validation progress and completion notifications.
- Add PRE_RELEASE_PATTERN to identify beta, rc, alpha, nightly, canary, dev, pre versions
- Modify findNodeFromVersionManager to try stable versions first
- Pre-release versions are used as fallback if no stable version found
- Add tests for pre-release detection and version prioritization
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add isExecutable() helper to verify files have execute permission
- On Unix: uses fs.constants.X_OK to check execute permission
- On Windows: only checks file existence (X_OK not meaningful)
- Replace fs.existsSync with isExecutable for all node path checks
- Add JSDoc comment documenting version sorting limitations
- Add test to verify found node binary is executable
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add null byte validation to shell command output (security hardening)
- Expand VERSION_DIR_PATTERN comment to explain intentional pre-release support
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Extract VERSION_DIR_PATTERN regex to named constant
- Pass logger to findNodeViaShell for consistent debug logging
- Fix buildEnhancedPath to not add trailing delimiter for empty currentPath
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add path.normalize() for Windows mixed separator handling
- Add validation to check Node executable exists after finding it
- Improve error dialog with specific troubleshooting advice for Node.js
related errors vs general errors
- Include source info in validation error message
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix PATH collision detection using proper path segment matching
instead of substring includes() which could cause false positives
- Reorder fnm Windows paths to prioritize canonical installation path
over shell shims (fnm_multishells)
- Make Windows path test platform-aware since path.dirname handles
backslash paths differently on non-Windows systems
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When the Electron app is launched from desktop environments (macOS Finder,
Windows Explorer, Linux desktop launchers), the PATH environment variable
is often limited and doesn't include Node.js installation paths.
This adds a new `findNodeExecutable()` utility to @automaker/platform that:
- Searches common installation paths (Homebrew, system, Program Files)
- Supports version managers: NVM, fnm, nvm-windows, Scoop, Chocolatey
- Falls back to shell resolution (which/where) when available
- Enhances PATH for child processes via `buildEnhancedPath()`
- Works cross-platform: macOS, Windows, and Linux
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Move ESM module configuration from individual package tsconfigs to the
shared base configuration for better maintainability.
Changes:
- Updated libs/tsconfig.base.json:
- Changed module: "commonjs" → "NodeNext"
- Changed moduleResolution: "node" → "NodeNext"
- Cleaned up all lib package tsconfigs:
- Removed duplicate module/moduleResolution settings
- Now all packages inherit ESM config from base
- Packages: dependency-resolver, git-utils, model-resolver, platform, utils
Benefits:
✅ Single source of truth for module configuration
✅ Less duplication, easier maintenance
✅ Consistent ESM behavior across all lib packages
✅ Simpler package-specific tsconfig files
All packages build successfully. All 632 tests passing.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Convert all shared library packages from CommonJS to ESM for consistency
with apps/server and modern JavaScript standards.
Changes:
- Add "type": "module" to package.json for all libs
- Update tsconfig.json to use "NodeNext" module/moduleResolution
- Add .js extensions to all relative imports
Packages migrated:
- @automaker/dependency-resolver (already ESM, added .js extension)
- @automaker/git-utils (CommonJS → ESM)
- @automaker/model-resolver (CommonJS → ESM)
- @automaker/platform (CommonJS → ESM)
- @automaker/utils (CommonJS → ESM)
Benefits:
✅ Consistent module system across all packages
✅ Better tree-shaking and modern bundling support
✅ Native browser support (future-proof)
✅ Fixes E2E CI server startup issues
All tests passing: 632/632 server tests
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit addresses all "Should Fix" items from the PR review:
1. Security Documentation (platform package)
- Added comprehensive inline documentation in security.ts explaining
why path validation is disabled
- Added Security Model section to platform README.md
- Documented rationale, implications, and future re-enabling steps
2. Model Resolver Tests
- Created comprehensive test suite (34 tests, 100% coverage)
- Added vitest configuration with strict coverage thresholds
- Tests cover: alias resolution, full model strings, priority handling,
edge cases, and integration scenarios
- Updated package.json with test scripts and vitest dependency
3. Feature Loader Logging Migration
- Replaced all console.log/warn/error calls with @automaker/utils logger
- Consistent with rest of codebase logging pattern
- Updated corresponding tests to match new logger format
4. Module Format Consistency
- Verified all packages use consistent module formats (ESM)
- No changes needed
All tests passing (632 tests across 31 test files).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Added coverage thresholds to all shared lib packages and increased
server thresholds to ensure better code quality and confidence.
Lib package thresholds:
- dependency-resolver: 90% stmts/lines, 85% branches, 100% funcs
- git-utils: 65% stmts/lines, 35% branches, 75% funcs
- utils: 15% stmts/lines/funcs, 25% branches (only error-handler tested)
- platform: 60% stmts/lines/branches, 40% funcs (only subprocess tested)
Server thresholds increased:
- From: 55% lines, 50% funcs, 50% branches, 55% stmts
- To: 60% lines, 75% funcs, 55% branches, 60% stmts
- Current actual: 64% lines, 78% funcs, 56% branches, 64% stmts
All tests passing with new thresholds. Lower thresholds on utils and
platform reflect that only some files have tests currently. These will
be increased as more tests are added.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Standardize vitest to v4.0.16 across all packages
- Clean up type imports in events.ts (remove verbose inline casting)
- Expand skipDirs to support Python, Rust, Go, PHP, Gradle projects
- Document circular dependency prevention in @automaker/types
- Add comprehensive error handling documentation to @automaker/git-utils
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Added author information as "AutoMaker Team" to all package.json files.
- Set license to "SEE LICENSE IN LICENSE" for consistency across the project.
Changes:
- Move subprocess-manager tests to @automaker/platform package
- Tests need to be co-located with source for proper mocking
- Add vitest configuration to platform package
- 17/17 platform tests pass
- Update server vitest.config.ts to alias @automaker/* packages
- Resolve to source files for proper mocking in tests
- Enables vi.mock() and vi.spyOn() to work correctly
- Fix security.test.ts imports
- Update dynamic imports from @/lib/security.js to @automaker/platform
- Module was moved to shared package
- Rewrite prompt-builder.test.ts
- Use fs/promises mock instead of trying to spy on internal calls
- 10/10 tests pass
Test Results:
✅ Server: 536/536 tests pass
✅ Platform: 17/17 tests pass
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Added README.md for all 6 shared packages:
- @automaker/types: Type definitions and interfaces
- @automaker/utils: Utility functions (logger, error handling, images)
- @automaker/platform: Platform utilities (paths, subprocess, security)
- @automaker/model-resolver: Claude model resolution
- @automaker/dependency-resolver: Feature dependency ordering
- @automaker/git-utils: Git operations and diff generation
- Removed MIT license from all package.json files (using custom dual license)
- Created comprehensive LLM guide (docs/llm-shared-packages.md):
- When to use each package
- Import patterns and examples
- Common usage patterns
- Migration checklist
- Do's and don'ts for LLMs
Documentation helps developers and AI assistants understand package purpose,
usage, and best practices.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
